First, a few definitions are in order:
- Phishing: a broad attempt to trick victims into sharing sensitive and/or confidential information. These attempts arrive mostly by e-mail and often take the form of a deceptive password reset message. They can also be disguised as an invoice, purchase receipt, or other carefully crafted e-mail whose links direct the user to a malicious portal that masquerades as the site of a legitimate company such as Amazon, FedEx, or Apple.
- Spear Phishing: a targeted phishing attempt in which the attacker has already obtained personal information about the victim, such as the names of children or relatives, friends, employer, locations frequented, and/or recent online purchases, to name a few.
Protecting from Phishing Attacks
With both types of attacks, education is crucial. Phishing links can be spotted by hovering over them in an e-mail and checking that they do not point to a bare IP address (a group of four numbers separated by periods) or to a site other than the one you expect. For example, when hovering over a link to amazon.com, it should clearly show that it goes to amazon.com and not to a misspelling or some other site. A misspelling can be very hard to spot at first glance (google.com vs. googel.com). Many online companies buy common misspellings of their domains so that those names cannot be used in an attack.
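The hover checks above (bare IP address, visible text that names one domain while the link goes to another, and near-miss spellings like googel.com) can be automated for a mail gateway or a triage script. The following is an added example, not code from the original article; the list of known brand domains is a constructed assumption, and the "registrable domain" helper is a deliberate simplification that takes the last two labels rather than consulting a public-suffix list.

```python
import re
from urllib.parse import urlparse

# Assumption: a short, constructed list of brands the organisation expects to see.
KNOWN_DOMAINS = {"amazon.com", "google.com", "fedex.com", "apple.com"}

IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")


def registrable_domain(host):
    """Simplified: last two labels of the host (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def osa_distance(a, b):
    """Optimal string alignment distance: one edit covers an insert,
    delete, substitution, or adjacent transposition (google -> googel)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_link(display_text, href):
    """Return the reasons a link looks suspicious; an empty list means none found."""
    reasons = []
    host = (urlparse(href).hostname or "").lower()
    if not host:
        return ["no hostname in href"]
    if IPV4_HOST.match(host):
        reasons.append("href points at a bare IP address")
    target = registrable_domain(host)
    # Visible text claims one domain while the href goes somewhere else.
    shown = DOMAIN_IN_TEXT.search(display_text.lower())
    if shown and registrable_domain(shown.group(0)) != target:
        reasons.append(f"text shows {shown.group(0)} but href goes to {host}")
    # Lookalike: within one edit of a known brand domain, but not that domain.
    if target not in KNOWN_DOMAINS:
        for known in KNOWN_DOMAINS:
            if osa_distance(target, known) <= 1:
                reasons.append(f"{target} looks like {known}")
    return reasons
```

A link to the genuine site with matching text returns no reasons; a password-reset link to a bare IP address, or text reading google.com that actually goes to googel.com, is flagged.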
Additional precautions can be taken by using strong spam and virus scanning software that is updated frequently (every 15 minutes at minimum) to scan e-mail messages for these harmful links and paying attention to the spelling, colors, and logos on the messages.
Protecting from Spear Phishing Attacks
Spear phishing attacks are harder to spot because the victims are targeted individually, so the messages contain personal information. Some spear phishing attacks have even been prepared by first conducting surveillance on the mailbox of the victim or of people they know. There are several ways you can spot a spear phishing attempt:
- Be alert to any strange wording or out-of-character requests via e-mail
- Add some kind of identifier (our system automatically uses the prefix [EXTERNAL] on all inbound messages from outside sources) to the subject line of a message to hedge against spoofing of e-mail addresses from your company's domain
- Verify any requests involving money, password resets, or access requests by voice on a number that is known to be good and not from a phone number in the suspect e-mail
As I said above, education is key. Knowing the tactics and what they look like is the best protection against these attacks, since the messages are hand crafted and difficult for an automated system to detect.